Java无法找到可信证书(JKS)

时间:2016-09-05 17:28:32

标签: web-services ssl certificate cxf jks

我需要使用CXF使用服务,我面临以下问题。

即使我的Java密钥库(JKS)工作了SOAP UI,例如,当我在我的java程序中使用它时,它总是给我消息

sun.security.validator.ValidatorException: No trusted certificate found

我检查了JKS文件并且证书在那里,所以当我把它放在SOAPUI项目上时,它被识别并且服务成功调用,没有任何问题。我使用cxf网站(http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java?view=log)提供的代码作为基础,如下所示:

public static void setupTLS(Object port) throws FileNotFoundException, IOException, GeneralSecurityException
{
    final String keyStoreLoc = "d:/certs/mykeystore.jks";
    HTTPConduit httpConduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();

    TLSClientParameters tlsCP = new TLSClientParameters();
    final String keyPassword ="password";
    KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(new FileInputStream(keyStoreLoc), keyPassword.toCharArray());
    KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);
    tlsCP.setKeyManagers(myKeyManagers);

    KeyStore trustStore = KeyStore.getInstance("JKS");
    trustStore.load(new FileInputStream(keyStoreLoc), keyPassword.toCharArray());
    TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore);
    tlsCP.setTrustManagers(myTrustStoreKeyManagers);
    httpConduit.setTlsClientParameters(tlsCP);
}

private static TrustManager[] getTrustManagers(KeyStore trustStore)
        throws NoSuchAlgorithmException, KeyStoreException
{
    String alg = KeyManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory fac = TrustManagerFactory.getInstance(alg);
    fac.init(trustStore);
    return fac.getTrustManagers();
}

private static KeyManager[] getKeyManagers(KeyStore keyStore, String keyPassword)
        throws GeneralSecurityException, IOException
{
    String alg = KeyManagerFactory.getDefaultAlgorithm();
    char[] keyPass = keyPassword != null ? keyPassword.toCharArray() : null;
    KeyManagerFactory fac = KeyManagerFactory.getInstance(alg);
    fac.init(keyStore, keyPass);
    return fac.getKeyManagers();
}

调试时,我可以看到证书已加载,密钥库和keystrustmanagers相应地填充,所以在几天试图弄清楚发生了什么后,我的想法已经用完了。所以,如果你们有任何可以提供帮助的小贴士,请帮助我。

提前致谢。

1 个答案:

答案 0 :(得分:0)

在运行更多测试后,很明显证书就是问题所在。我把jks变成了一个有效的,现在它运行得很好。

对于那些需要这样的解决方案的人来说,我基于我的解决方案(http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java?view=log)的例子就像魅力一样。